protected void configure(ServerHttpSecurity http) { Optional.ofNullable(this.csrfTokenRepository).ifPresent(serverCsrfTokenRepository -> { this.filter.setCsrfTokenRepository(serverCsrfTokenRepository); http.logout().addLogoutHandler(new CsrfServerLogoutHandler(serverCsrfTokenRepository)); }); http.addFilterAt(this.filter, SecurityWebFiltersOrder.CSRF); }
@Bean(HTTPSECURITY_BEAN_NAME) @Scope("prototype") public ServerHttpSecurity httpSecurity() { ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity(); return http .authenticationManager(authenticationManager()) .headers().and() .logout().and(); }
protected void configure(ServerHttpSecurity http) { Optional.ofNullable(this.csrfTokenRepository).ifPresent(serverCsrfTokenRepository -> { this.filter.setCsrfTokenRepository(serverCsrfTokenRepository); http.logout().addLogoutHandler(new CsrfServerLogoutHandler(serverCsrfTokenRepository)); }); http.addFilterAt(this.filter, SecurityWebFiltersOrder.CSRF); }
@Bean(HTTPSECURITY_BEAN_NAME) @Scope("prototype") public ServerHttpSecurity httpSecurity() { ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity(); return http .authenticationManager(authenticationManager()) .headers().and() .logout().and(); }
.and() .formLogin().and() .logout() .requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout")) .and()
protected void configure(ServerHttpSecurity http) { Optional.ofNullable(this.csrfTokenRepository).ifPresent(serverCsrfTokenRepository -> { this.filter.setCsrfTokenRepository(serverCsrfTokenRepository); http.logout().addLogoutHandler(new CsrfServerLogoutHandler(serverCsrfTokenRepository)); }); http.addFilterAt(this.filter, SecurityWebFiltersOrder.CSRF); }
@Bean(HTTPSECURITY_BEAN_NAME) @Scope("prototype") public ServerHttpSecurity httpSecurity() { ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity(); return http .authenticationManager(authenticationManager()) .headers().and() .logout().and(); }
@Bean SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http) { http .authorizeExchange() .pathMatchers("/favicon.ico", "/css/**", "/webjars/**") .permitAll() .anyExchange() .authenticated() .and() .httpBasic() .and() .formLogin() .and() .logout() ; return http.build(); }
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { log.info("Configuring SecurityWebFilterChain ..."); formLogin(http); // Configure form login authorizeExchange(http); // configure authorization oauth2Login(http); // configure OAuth2 login return http .securityContextRepository(NoOpServerSecurityContextRepository.getInstance()) .exceptionHandling() .accessDeniedHandler(accessDeniedHandler()) .authenticationEntryPoint(authenticationEntryPoint()) .and() .cors() .and() .csrf().disable() .addFilterAt(tokenAuthenticationFilter(), SecurityWebFiltersOrder.AUTHENTICATION) .logout().disable() .build(); }